Secure/Encrypt SQL Server Database With TDE


1 Secure/Encrypt SQL Server Database With TDE
Thomas Chan

2 Thanks Vendors

3 Who am I?
I work for the state of Virginia as a SQL DBA
18+ years in IT, since SQL 7
I love computers, databases, Sid Meier's Civilization and The Battle of Polytopia

4 Agenda
Where can I do data encryption?
Why encrypt a database?
Where does TDE act?
How does it work?
SSMS user interface
Pros and cons
Demos

5 Where can I do encryption?
SQL functions: EncryptByKey, DecryptByKey
SSL
BitLocker
TDE

6 Why encrypt a database?
Protect sensitive data against unauthorized lower-level users (OS, virtual machine or storage)
Compliance with standards and policies (business or legal)

7 Standards
PCI DSS – financial/payment (credit card)
HIPAA – health/medical
FERPA – education and family
Sarbanes-Oxley Act (SOX) – US corporation, accounting and communication
PII – personally identifiable information

8 Where does TDE act?
[Diagram: Database Engine, TDE, Decrypt, Encrypt]

9 What is TDE?
One more layer to protect data
Encrypts at page level on the fly, which means data, log and backup files are encrypted
Does not encrypt columns or connections
Algorithms: AES 128, 192, 256 and Triple DES

10 Encryption Hierarchy
Windows level: Data Protection API (DPAPI)
SQL instance level: master key and certificate
Database level: database master key and encryption key

11 Encryption Hierarchy 2
[Diagram: Windows / OS, SQL Instance, Database]

12 SSMS user interface

13 Pros and Cons
PROS:
Encrypts database files: backup, transaction log and data files
Protects data against lower-level access, such as OS users
Low performance cost
It is transparent, no coding
CONS:
Does not encrypt data in memory or FILESTREAM data
Does not encrypt connections
Requires SQL Server Enterprise or Developer edition

14 Other considerations
Always encrypts TempDB (pro or con)
Master key dependency (may use SQL EKM capability or EKM software)
Works with high availability and disaster recovery options: failover clustering, mirroring and log shipping
Replication data is not encrypted when it travels between servers (plain text)
Does it work "well" with compression?

15 Demo
Show the data and backup file before TDE in Notepad
Enable TDE
Monitor the enabling operation
Restore the database with TDE enabled in a 2nd instance (VM02)
Disable TDE
TDE working with log shipping?
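
The enable, monitor and restore steps of the demo, sketched in T-SQL as an added example that is not taken from the presentation. The database name SalesDB, the certificate name TDE_Cert, the C:\Keys paths and the passwords are placeholders chosen for illustration.

```sql
-- Added example: all names, paths and passwords are placeholders (assumptions).
USE master;
GO
-- Instance level: database master key in master, protected by the service master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-1>';
GO
-- Certificate that will protect the database encryption key (DEK).
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE certificate for SalesDB';
GO
-- Back up the certificate and private key before enabling TDE;
-- without them, encrypted backups cannot be restored on another instance.
BACKUP CERTIFICATE TDE_Cert
    TO FILE = 'C:\Keys\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Keys\TDE_Cert.pvk',
        ENCRYPTION BY PASSWORD = '<strong-password-2>');
GO
-- Database level: create the DEK and turn encryption on.
USE SalesDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
GO
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO
-- Monitor the background encryption scan (tempdb is listed here as well).
-- encryption_state: 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
GO
-- On the second instance, before RESTORE DATABASE: recreate the certificate
-- from the backup files so that instance can open the DEK.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-3>';
GO
CREATE CERTIFICATE TDE_Cert
    FROM FILE = 'C:\Keys\TDE_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\Keys\TDE_Cert.pvk',
        DECRYPTION BY PASSWORD = '<strong-password-2>');
GO
```

Store the certificate backup files and their password away from the database backups, since anyone holding both can restore and read the encrypted database.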

16 SATA rpm + 1 GB = 1 min 20 sec
SCSI rpm + SAN (redundancy disk/RAID 0) will be much faster

17 References
Understanding TDE
Extensible Key Management (EKM)
Protecting SQL Server Data – John Magnabosco (free ebook from Red Gate)

18 Questions ?

